A Real-Time PE-Malware Detection System Based on CHI-Square Test and PE-File Features - Computer Science and Its Applications
Conference Papers, Year: 2015

Abstract

Constructing an efficient malware detection system requires taking into consideration two important aspects: accuracy and detection time. However, finding an appropriate balance between these two characteristics remains a very challenging problem. In this paper, we present a real-time PE (Portable Executable) malware detection system, which is based on the analysis of the information stored in the PE-Optional Header fields (PEF). Our system uses a combination of the Chi-square (KHI2) score and the Phi (ϕ) coefficient as its feature selection method. We have evaluated our system using the Rotation Forest classifier implemented in WEKA and reached more than 97% accuracy. Our system is able to categorize a file in 0.077 seconds, which makes it adequate for real-time detection of malware.
Main file
339159_1_En_34_Chapter.pdf (416.47 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-01789936, version 1 (11-05-2018)

Cite

Mohamed Belaoued, Smaine Mazouzi. A Real-Time PE-Malware Detection System Based on CHI-Square Test and PE-File Features. 5th International Conference on Computer Science and Its Applications (CIIA), May 2015, Saida, Algeria. pp.416-425, ⟨10.1007/978-3-319-19578-0_34⟩. ⟨hal-01789936⟩